diff --git a/tests/semanage-handle-functions/Makefile b/tests/semanage-handle-functions/Makefile new file mode 100644 index 0000000..c49dbe0 --- /dev/null +++ b/tests/semanage-handle-functions/Makefile @@ -0,0 +1,63 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/libsemanage/Sanity/semanage-handle-functions +# Description: Test functions from handle.h +# Author: Jan Zarsky +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/libsemanage/Sanity/semanage-handle-functions +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE functions.c test_*.c + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Jan Zarsky " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Test functions from handle.h" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: libsemanage" >> $(METADATA) + @echo "Requires: libsemanage libsemanage-devel glibc gcc" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/semanage-handle-functions/PURPOSE b/tests/semanage-handle-functions/PURPOSE new file mode 100644 index 0000000..09a8e19 --- /dev/null +++ b/tests/semanage-handle-functions/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/libsemanage/Sanity/semanage-handle-functions +Description: Test functions from handle.h +Author: Jan Zarsky diff --git a/tests/semanage-handle-functions/functions.c b/tests/semanage-handle-functions/functions.c new file mode 100644 index 0000000..7722c09 --- /dev/null +++ b/tests/semanage-handle-functions/functions.c @@ -0,0 +1,132 @@ +#include +#include +#include +#include +#include + +void check_result_int(const char *expected, int real) { + int exp = strtol(expected, NULL, 10); + + if (exp != real) { + fprintf(stderr, "Expected %d but got %d\n", exp, real); + exit(1); + } +} + +semanage_handle_t *test_handle_create() { + semanage_handle_t *sh = NULL; + + sh = semanage_handle_create(); + printf("semanage_handle_create(): %p\n", (void *) sh); + + if (sh == NULL) { + perror("semanage_handle_create"); + exit(1); + } + + return sh; +} + +int test_connect(semanage_handle_t *sh) { + int result = semanage_connect(sh); + printf("semanage_connect(%p): %d\n", (void *) sh, result); + + if (result != 0) { + perror("semanage_connect"); + exit(1); + } + + return result; +} + +int test_disconnect(semanage_handle_t *sh) { + int result = semanage_disconnect(sh); + printf("semanage_disconnect(%p): %d\n", (void *) sh, result); + + if (result != 0) { + perror("semanage_disconnect"); + exit(1); + } + + return result; +} + +int test_begin_transaction(semanage_handle_t *sh) { + int result = semanage_begin_transaction(sh); + printf("semanage_begin_transaction(%p): %d\n", (void *) sh, result); + + if (result != 0) { + perror("semanage_begin_transaction"); + exit(1); + } + + return result; +} + +int test_commit(semanage_handle_t *sh) { + int result = semanage_commit(sh); + printf("semanage_commit(%p): %d\n", (void *) sh, result); + + if (result != 0) { + perror("semanage_commit"); + exit(1); + } + + return result; +} + +#define STATE_INIT 1 +#define STATE_HANDLE 2 +#define STATE_CONN 3 +#define STATE_TRANS 4 + +int get_state(const char *state_str) { + if (strcmp(state_str, "init") == 0) + return STATE_INIT; + if (strcmp(state_str, "handle") == 0) + return STATE_HANDLE; + if (strcmp(state_str, "conn") == 0) + return STATE_CONN; + if (strcmp(state_str, "trans") == 0) + return STATE_TRANS; + + return 0; +} + +semanage_handle_t * get_handle(const char *state_str) { + int state; + semanage_handle_t *sh = NULL; + + state = get_state(state_str); + + if (state >= STATE_INIT) + sh = NULL; + + if (state >= STATE_HANDLE) + sh = test_handle_create(); + + if (state >= STATE_CONN) + test_connect(sh); + + if (state >= STATE_TRANS) + test_begin_transaction(sh); + + return sh; +} + +void destroy_handle(semanage_handle_t *sh, const char *state_str) { + int state; + + state = get_state(state_str); + + if (state >= STATE_TRANS) + test_commit(sh); + + if (state >= STATE_CONN) + test_disconnect(sh); + + if (state >= STATE_HANDLE) { + semanage_handle_destroy(sh); + printf("semanage_handle_destroy(%p)\n", (void *) sh); + } +} diff --git a/tests/semanage-handle-functions/plan.txt b/tests/semanage-handle-functions/plan.txt new file mode 100644 index 0000000..521a914 --- /dev/null +++ b/tests/semanage-handle-functions/plan.txt @@ -0,0 +1,29 @@ + init handle conn trans +semanage_set_root x ok ok ok - +semanage_root x ok ok ok - +semanage_handle_create x ok - - - +semanage_set_rebuild fail ok ok - +semanage_set_reload fail ok ok - +semanage_get_hll_compiler_path fail ? ? - +semanage_set_create_store fail ok ok - should be called after connect +semanage_get_disable_dontaudit fail ? ? - +semanage_set_disable_dontaudit fail ? ? - +semanage_get_preserve_tunables fail ? ? - +semanage_set_preserve_tunables fail ? ? - +semanage_get_ignore_module_cache fail ? ? - +semanage_set_ignore_module_cache fail ? ? - +semanage_set_check_contexts fail ok ok - +semanage_get_default_priority fail ok ok - +semanage_set_default_priority fail ok ok - +semanage_is_connected x fail ok ok - +semanage_select_store fail ok ok - should be called before connect +semanage_set_store_root fail ok ok - +semanage_is_managed x fail ok fail - +semanage_mls_enabled x fail ? ok - +semanage_connect x fail ok ? - +semanage_access_check x fail ok ? - +semanage_disconnect x fail fail ok - ok when disconnected twice +semanage_handle_destroy x fail ok ok - +semanage_begin_transaction x fail fail ok ok ok when begin twice +semanage_commit x fail fail fail ok +semanage_reload_policy fail ? ? ? diff --git a/tests/semanage-handle-functions/runtest.sh b/tests/semanage-handle-functions/runtest.sh new file mode 100755 index 0000000..801aae7 --- /dev/null +++ b/tests/semanage-handle-functions/runtest.sh @@ -0,0 +1,122 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/libsemanage/Sanity/semanage-handle-functions +# Description: Test functions from handle.h +# Author: Jan Zarsky +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="libsemanage" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlAssertRpm ${PACKAGE}-devel + rlAssertRpm "glibc" + rlAssertRpm "gcc" + + if rlIsRHEL ">=7" || rlIsFedora; then + rlRun -l "gcc test_root.c -o test_root -lsemanage -Wall -Wextra -std=c99" + fi + + rlRun -l "gcc test_handle_create.c -o test_handle_create -lsemanage -Wall -Wextra -Wno-unused-parameter -std=c99" + rlRun -l "gcc test_access_check.c -o test_access_check -lsemanage -Wall -Wextra -std=c99" + rlRun -l "gcc test_is_managed.c -o test_is_managed -lsemanage -Wall -Wextra -std=c99" + rlRun -l "gcc test_connect.c -o test_connect -lsemanage -Wall -Wextra -std=c99" + rlRun -l "gcc test_is_connected.c -o test_is_connected -lsemanage -Wall -Wextra -std=c99" + rlRun -l "gcc test_mls_enabled.c -o test_mls_enabled -lsemanage -Wall -Wextra -std=c99" + rlRun -l "gcc test_transaction.c -o test_transaction -lsemanage -Wall -Wextra -std=c99" + + ERR_FAIL=1 + ERR_ABORT=134 + rlPhaseEnd + + if rlIsRHEL ">=7" || rlIsFedora; then + rlPhaseStartTest "semanage_root, semanage_test_root" + rlRun "./test_root init" + rlRun "./test_root handle" + rlRun "./test_root conn" + rlRun "./test_root init /somepath" + rlRun "./test_root handle /somepath" + rlRun "./test_root conn /somepath" + rlPhaseEnd + fi + + rlPhaseStartTest "semanage_handle_create, semanage_handle_destroy" + rlRun "./test_handle_create init" + rlPhaseEnd + + rlPhaseStartTest "semanage_access_check" + rlRun "./test_access_check init" $ERR_ABORT + rlRun "./test_access_check handle 2" + rlRun "./test_access_check conn 2" + rlPhaseEnd + + rlPhaseStartTest "semanage_is_managed" + rlRun "./test_is_managed init" $ERR_ABORT + rlRun "./test_is_managed handle 1" + rlRun "./test_is_managed conn" $ERR_FAIL + rlPhaseEnd + + rlPhaseStartTest "semanage_connect, semanage_disconnect" + rlRun "./test_connect init" $ERR_ABORT + rlRun "./test_connect init reversed" $ERR_ABORT + rlRun "./test_connect handle" + rlRun "./test_connect handle twice" + rlRun "./test_connect handle reversed" $ERR_ABORT + # why does it work?? + rlRun "./test_connect conn" + rlPhaseEnd + + rlPhaseStartTest "semanage_is_connected" + rlRun "./test_is_connected init" $ERR_ABORT + rlRun "./test_is_connected handle 0" + rlRun "./test_is_connected conn 1" + rlPhaseEnd + + rlPhaseStartTest "semanage_mls_enabled" + rlRun "./test_mls_enabled init" $ERR_ABORT + rlRun "./test_mls_enabled handle" $ERR_ABORT + rlRun "./test_mls_enabled conn 1" + rlPhaseEnd + + rlPhaseStartTest "semanage_begin_transaction, semanage_commit" + rlRun "./test_transaction init" $ERR_ABORT + rlRun "./test_transaction init reversed" $ERR_ABORT + rlRun "./test_transaction handle" $ERR_ABORT + rlRun "./test_transaction handle reversed" $ERR_ABORT + rlRun "./test_transaction conn" + rlRun "./test_transaction conn twice" + rlRun "./test_transaction conn reversed" $ERR_FAIL + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "rm -f output test_root test_handle_create test_access_check \ + test_is_managed test_connect test_is_connected \ + test_mls_enabled test_transaction" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/semanage-handle-functions/test_access_check.c b/tests/semanage-handle-functions/test_access_check.c new file mode 100644 index 0000000..8eb2530 --- /dev/null +++ b/tests/semanage-handle-functions/test_access_check.c @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + + if (argc < 2) + exit(1); + + sh = get_handle(argv[1]); + + int result = semanage_access_check(sh); + printf("semanage_access_check(%p): %d\n", (void *) sh, result); + + if (result < 0 || (result != 0 && result != SEMANAGE_CAN_READ + && result != SEMANAGE_CAN_WRITE)) { + perror("semanage_access_check"); + exit(1); + } + + if (argc >= 3) + check_result_int(argv[2], result); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-handle-functions/test_connect.c b/tests/semanage-handle-functions/test_connect.c new file mode 100644 index 0000000..df403e0 --- /dev/null +++ b/tests/semanage-handle-functions/test_connect.c @@ -0,0 +1,33 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + + if (argc < 2) + exit(1); + + sh = get_handle(argv[1]); + + if (argc >= 3 && strcmp(argv[2], "reversed") == 0) { + test_disconnect(sh); + test_connect(sh); + } + else { + test_connect(sh); + test_disconnect(sh); + } + + if (argc >= 3 && strcmp(argv[2], "twice") == 0) { + test_disconnect(sh); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-handle-functions/test_handle_create.c b/tests/semanage-handle-functions/test_handle_create.c new file mode 100644 index 0000000..65d164e --- /dev/null +++ b/tests/semanage-handle-functions/test_handle_create.c @@ -0,0 +1,15 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh = test_handle_create(); + + semanage_handle_destroy(sh); + + exit(0); +} diff --git a/tests/semanage-handle-functions/test_is_connected.c b/tests/semanage-handle-functions/test_is_connected.c new file mode 100644 index 0000000..d428e48 --- /dev/null +++ b/tests/semanage-handle-functions/test_is_connected.c @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + int result; + + if (argc < 2) + exit(1); + + sh = get_handle(argv[1]); + + result = semanage_is_connected(sh); + printf("semanage_is_connected(%p): %d\n", (void *) sh, result); + + if (result != 0 && result != 1) { + perror("semanage_is_connected"); + exit(1); + } + + if (argc >= 3) + check_result_int(argv[2], result); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-handle-functions/test_is_managed.c b/tests/semanage-handle-functions/test_is_managed.c new file mode 100644 index 0000000..4d11cb0 --- /dev/null +++ b/tests/semanage-handle-functions/test_is_managed.c @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + int result; + + if (argc < 2) + exit(1); + + sh = get_handle(argv[1]); + + result = semanage_is_managed(sh); + printf("semanage_is_managed(%p): %d\n", (void *) sh, result); + + if (result != 0 && result != 1) { + perror("semanage_is_managed"); + exit(1); + } + + if (argc >= 3) + check_result_int(argv[2], result); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-handle-functions/test_mls_enabled.c b/tests/semanage-handle-functions/test_mls_enabled.c new file mode 100644 index 0000000..7e943f0 --- /dev/null +++ b/tests/semanage-handle-functions/test_mls_enabled.c @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + int result; + + if (argc < 2) + exit(1); + + sh = get_handle(argv[1]); + + result = semanage_mls_enabled(sh); + printf("semanage_mls_enabled(%p): %d\n", (void *) sh, result); + + if (result != 0 && result != 1) { + perror("semanage_mls_enabled"); + exit(1); + } + + if (argc >= 4) + check_result_int(argv[3], result); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-handle-functions/test_root.c b/tests/semanage-handle-functions/test_root.c new file mode 100644 index 0000000..5786348 --- /dev/null +++ b/tests/semanage-handle-functions/test_root.c @@ -0,0 +1,53 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + const char *root; + int result; + + if (argc < 2) + exit(1); + + sh = get_handle(argv[1]); + + root = semanage_root(); + printf("semanage_root(): %s\n", root); + + if (root == NULL) { + perror("semanage_root"); + exit(1); + } + + if (argc >= 3) { + result = semanage_set_root(argv[2]); + printf("semanage_set_root(\"%s\"): %d\n", argv[2], result); + + if (root == NULL) { + perror("semanage_set_root"); + exit(1); + } + + root = semanage_root(); + printf("semanage_root(): %s\n", root); + + if (result != 0) { + perror("semanage_root"); + exit(1); + } + + if (strcmp(root, argv[2]) != 0) { + fprintf(stderr, "Expected \"%s\" but got \"%s\"\n", argv[2], root); + exit(1); + } + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-handle-functions/test_transaction.c b/tests/semanage-handle-functions/test_transaction.c new file mode 100644 index 0000000..f1b0e10 --- /dev/null +++ b/tests/semanage-handle-functions/test_transaction.c @@ -0,0 +1,34 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + + if (argc < 2) + exit(1); + + sh = get_handle(argv[1]); + + if (argc >= 3 && strcmp(argv[2], "reversed") == 0) { + test_commit(sh); + test_begin_transaction(sh); + } + else if (argc >= 3 && strcmp(argv[2], "twice") == 0) { + test_begin_transaction(sh); + test_begin_transaction(sh); + test_commit(sh); + } + else { + test_begin_transaction(sh); + test_commit(sh); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/Makefile b/tests/semanage-seuser-functions/Makefile new file mode 100644 index 0000000..d7202f4 --- /dev/null +++ b/tests/semanage-seuser-functions/Makefile @@ -0,0 +1,63 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/libsemanage/Sanity/semanage-seuser-functions +# Description: Test semanage_seuser_* functions +# Author: Jan Zarsky +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/libsemanage/Sanity/semanage-seuser-functions +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE functions.c test_*.c + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Jan Zarsky " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Test semanage_seuser_* functions" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: libsemanage" >> $(METADATA) + @echo "Requires: libsemanage libsemanage-devel glibc gcc" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/semanage-seuser-functions/PURPOSE b/tests/semanage-seuser-functions/PURPOSE new file mode 100644 index 0000000..6b5201a --- /dev/null +++ b/tests/semanage-seuser-functions/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/libsemanage/Sanity/semanage-seuser-functions +Description: Test semanage_seuser_* functions +Author: Jan Zarsky diff --git a/tests/semanage-seuser-functions/functions.c b/tests/semanage-seuser-functions/functions.c new file mode 100644 index 0000000..ecde15d --- /dev/null +++ b/tests/semanage-seuser-functions/functions.c @@ -0,0 +1,263 @@ +#include +#include +#include +#include +#include + +void check_result_int(const char *expected, int real) { + int exp = strtol(expected, NULL, 10); + + if (exp != real) { + fprintf(stderr, "Expected %d but got %d\n", exp, real); + exit(1); + } +} + +semanage_handle_t *test_handle_create() { + semanage_handle_t *sh = NULL; + + sh = semanage_handle_create(); + printf("semanage_handle_create(): %p\n", (void *) sh); + + if (sh == NULL) { + perror("semanage_handle_create"); + exit(2); + } + + return sh; +} + +int test_connect(semanage_handle_t *sh) { + int result = semanage_connect(sh); + printf("semanage_connect(%p): %d\n", (void *) sh, result); + + if (result != 0) { + perror("semanage_connect"); + exit(2); + } + + return result; +} + +int test_disconnect(semanage_handle_t *sh) { + int result = semanage_disconnect(sh); + printf("semanage_disconnect(%p): %d\n", (void *) sh, result); + + if (result != 0) { + perror("semanage_disconnect"); + exit(2); + } + + return result; +} + +int test_begin_transaction(semanage_handle_t *sh) { + int result = semanage_begin_transaction(sh); + printf("semanage_begin_transaction(%p): %d\n", (void *) sh, result); + + if (result != 0) { + perror("semanage_begin_transaction"); + exit(2); + } + + return result; +} + +int test_commit(semanage_handle_t *sh) { + int result = semanage_commit(sh); + printf("semanage_commit(%p): %d\n", (void *) sh, result); + + if (result != 0) { + perror("semanage_commit"); + exit(2); + } + + return result; +} + +semanage_seuser_key_t *test_get_key(semanage_handle_t *sh, const char *name) { + semanage_seuser_key_t *key; + int result = semanage_seuser_key_create(sh, name, &key); + printf("semanage_seuser_key_create(%p, %s, %p): %d\n", + (void *) sh, name, (void *) &key, result); + + if (key == NULL || result < 0) { + perror("semanage_seuser_key_create"); + exit(2); + } + + return key; +} + +semanage_seuser_t *test_get_seuser_nth(semanage_handle_t *sh, unsigned int index) { + int result; + semanage_seuser_t **records; + unsigned int count; + + result = semanage_seuser_list(sh, &records, &count); + printf("semanage_seuser_list(%p, %p, %p): %d\n", + (void *) sh, (void *) &records, (void *) &count, result); + + if (result < 0) { + perror("semanage_seuser_list"); + exit(2); + } + + if (count < index + 1) + exit(2); + + return records[index]; +} + +semanage_seuser_t *test_get_seuser_new(semanage_handle_t *sh) { + int result; + semanage_seuser_t *seuser; + + result = semanage_seuser_create(sh, &seuser); + printf("semanage_seuser_create(%p, %p): %d\n", + (void *) sh, (void *) seuser, result); + + if (result < 0) { + perror("semanage_seuser_create"); + exit(2); + } + + return seuser; +} + +semanage_seuser_t *test_get_seuser(semanage_handle_t *sh, const char *param) { + if (strcmp(param, "new") == 0) + return test_get_seuser_new(sh); + + if (strcmp(param, "first") == 0) + return test_get_seuser_nth(sh, 0); + + if (strcmp(param, "second") == 0) + return test_get_seuser_nth(sh, 1); + + fprintf(stderr, "Unknown seuser \"%s\" specified\n", param); + exit(2); +} + +void test_add_local_seuser(semanage_handle_t *sh, semanage_seuser_t *seuser) { + int result; + semanage_seuser_key_t *key; + + result = semanage_seuser_key_extract(sh, seuser, &key); + printf("semanage_seuser_key_extract(%p, %p, %p): %d\n", + (void *) sh, (void *) seuser, (void *) &key, result); + + if (result < 0) { + perror("semanage_seuser_key_extract"); + exit(2); + } + + result = semanage_seuser_modify_local(sh, key, seuser); + printf("semanage_seuser_modify_local(%p, %p, %p): %d\n", + (void *) seuser, (void *) key, (void *) seuser, result); + + if (result < 0) { + perror("semanage_seuser_modify_local"); + exit(2); + } +} + +void test_del_local_seuser(semanage_handle_t *sh, semanage_seuser_t *seuser) { + int result; + semanage_seuser_key_t *key; + + result = semanage_seuser_key_extract(sh, seuser, &key); + printf("semanage_seuser_key_extract(%p, %p, %p): %d\n", + (void *) sh, (void *) seuser, (void *) &key, result); + + if (result < 0) { + perror("semanage_seuser_key_extract"); + exit(2); + } + + result = semanage_seuser_del_local(sh, key); + printf("semanage_seuser_del_local(%p, %p): %d\n", + (void *) seuser, (void *) key, result); + + if (result < 0) { + perror("semanage_seuser_del_local"); + exit(2); + } +} + +#define STATE_INIT 1 +#define STATE_HANDLE 2 +#define STATE_CONN 3 +#define STATE_TRANS 4 + +int get_state(const char *state_str) { + if (strcmp(state_str, "init") == 0) + return STATE_INIT; + if (strcmp(state_str, "handle") == 0) + return STATE_HANDLE; + if (strcmp(state_str, "conn") == 0) + return STATE_CONN; + if (strcmp(state_str, "trans") == 0) + return STATE_TRANS; + + return 0; +} + +semanage_handle_t * get_handle(const char *state_str) { + int state; + semanage_handle_t *sh = NULL; + + state = get_state(state_str); + + if (state >= STATE_INIT) + sh = NULL; + + if (state >= STATE_HANDLE) + sh = test_handle_create(); + + if (state >= STATE_CONN) + test_connect(sh); + + if (state >= STATE_TRANS) + test_begin_transaction(sh); + + return sh; +} + +void destroy_handle(semanage_handle_t *sh, const char *state_str) { + int state; + + state = get_state(state_str); + + if (state >= STATE_TRANS) + test_commit(sh); + + if (state >= STATE_CONN) + test_disconnect(sh); + + if (state >= STATE_HANDLE) { + semanage_handle_destroy(sh); + printf("semanage_handle_destroy(%p)\n", (void *) sh); + } +} + +int strcmp_null(const char *str1, const char *str2) { + if (str1 == NULL && str2 == NULL) + return 0; + + if (str1 == NULL) { + if (strcmp(str2, "NULL") == 0) + return 0; + else + return -1; + } + + if (str2 == NULL) { + if (strcmp(str1, "NULL") == 0) + return 0; + else + return 1; + } + + return strcmp(str1, str2); +} diff --git a/tests/semanage-seuser-functions/runtest.sh b/tests/semanage-seuser-functions/runtest.sh new file mode 100755 index 0000000..a1bcbb7 --- /dev/null +++ b/tests/semanage-seuser-functions/runtest.sh @@ -0,0 +1,255 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/libsemanage/Sanity/semanage-seuser-functions +# Description: Test semanage_seuser_* functions +# Author: Jan Zarsky +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="libsemanage" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlAssertRpm ${PACKAGE}-devel + rlAssertRpm "glibc" + rlAssertRpm "gcc" + + for f in test_*.c ; do + out=$(echo -n $f | cut -d'.' -f1) + rlRun "gcc $f -o $out -lsemanage -Wall -Wextra -Werror -std=c99" + done + + POLICY_TYPE="$(grep -E '^SELINUXTYPE=' /etc/selinux/config | cut -d'=' -f2 | tr '[:upper:]' '[:lower:]' | tr -d ' ')" + + if rlIsFedora; then + SEUSERS_PATH="/var/lib/selinux/$POLICY_TYPE/active/seusers" + elif rlIsRHEL '>=7'; then + SEUSERS_PATH="/etc/selinux/$POLICY_TYPE/active/seusers" + else + SEUSERS_PATH="/etc/selinux/$POLICY_TYPE/seusers" + fi + + rlRun "cat $SEUSERS_PATH" + + SEUSERS_COUNT="$(cat $SEUSERS_PATH | grep -vE '^#|^$' | wc -l)" + rlRun "[[ \"$SEUSERS_COUNT\" -gt 0 ]]" + + SEUSERS="$(cat $SEUSERS_PATH | grep -vE '^#|^$' | cut -d':' -f1 | tr '\n' ' ')" + rlRun "[[ -n \"$SEUSERS\" ]]" + + first_line="$(cat $SEUSERS_PATH | grep -vE '^#|^$' | head -n 1)" + SEUSER="$(echo -n $first_line | cut -d':' -f1)" + rlRun "[[ -n \"$SEUSER\" ]]" + SEUSER_SENAME="$(echo -n $first_line | cut -d':' -f2)" + rlRun "[[ -n \"$SEUSER_SENAME\" ]]" + SEUSER_MLSRANGE="$(echo -n $first_line | cut -d':' -f3-4)" + rlRun "[[ -n \"$SEUSER_MLSRANGE\" ]]" + + SEUSER_NONEXISTENT="nonuser" + SEUSER_DEFAULT="__default__" + + ERR_FAIL=1 + ERR_ABORT=134 + ERR_SEGFAULT=139 + + # note: each test_*.c program takes first argument which specifies setup + # before executing specified function + # init semanage handle == NULL + # handle semanage handle obtained via semanage_handle_create + # conn connected via semanage_connect + # trans inside transaction, via semanage_begin_transaction + # program returns 1 on error in function, 2 on error in setup + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_key_create, semanage_seuser_key_free" + # FIXME + # rlRun "./test_key_create init $SEUSER" $ERR_ABORT,$ERR_SEGFAULT + # rlRun "./test_key_create handle $SEUSER" $ERR_FAIL + rlRun "./test_key_create conn $SEUSER" + rlRun "./test_key_create trans $SEUSER" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_key_extract" + # FIXME + #rlRun "./test_key_extract conn new" + rlRun "./test_key_extract conn first" + # FIXME + #rlRun "./test_key_extract trans new" + rlRun "./test_key_extract trans first" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_compare" + rlRun "./test_compare conn $SEUSER same" + rlRun "./test_compare conn $SEUSER_NONEXISTENT different" + rlRun "./test_compare trans $SEUSER same" + rlRun "./test_compare trans $SEUSER_NONEXISTENT different" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_compare2" + rlRun "./test_compare2 conn NULL 0" $ERR_ABORT,$ERR_SEGFAULT + rlRun "./test_compare2 conn 0 NULL" $ERR_ABORT,$ERR_SEGFAULT + rlRun "./test_compare2 conn NULL NULL" $ERR_ABORT,$ERR_SEGFAULT + rlRun "./test_compare2 conn 0 0" + rlRun "./test_compare2 conn 0 1" + rlRun "./test_compare2 trans NULL 0" $ERR_ABORT,$ERR_SEGFAULT + rlRun "./test_compare2 trans 0 NULL" $ERR_ABORT,$ERR_SEGFAULT + rlRun "./test_compare2 trans NULL NULL" $ERR_ABORT,$ERR_SEGFAULT + rlRun "./test_compare2 trans 0 0" + rlRun "./test_compare2 trans 0 1" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_count" + rlRun "./test_count init" $ERR_ABORT,$ERR_SEGFAULT + rlRun "./test_count handle" $ERR_FAIL + rlRun "./test_count conn $SEUSERS_COUNT" + rlRun "./test_count trans $SEUSERS_COUNT" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_list" + rlRun "./test_list init" $ERR_ABORT,$ERR_SEGFAULT + rlRun "./test_list handle" $ERR_FAIL + rlRun "./test_list conn $SEUSERS_COUNT $SEUSERS" + rlRun "./test_list trans $SEUSERS_COUNT $SEUSERS" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_iterate" + rlRun "./test_iterate init" $ERR_ABORT,$ERR_SEGFAULT + rlRun "./test_iterate handle" $ERR_FAIL + rlRun "./test_iterate conn $SEUSERS" + rlRun "./test_iterate trans $SEUSERS" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_exists" + rlRun "./test_exists conn $SEUSER_NONEXISTENT 0" + rlRun "./test_exists conn $SEUSER_DEFAULT 1" + rlRun "./test_exists conn $USER 1" + rlRun "./test_exists trans $SEUSER_NONEXISTENT 0" + rlRun "./test_exists trans $SEUSER_DEFAULT 1" + rlRun "./test_exists trans $SEUSER 1" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_query" + rlRun "./test_query conn $SEUSER_NONEXISTENT" $ERR_FAIL + rlRun "./test_query conn $SEUSER_DEFAULT" + rlRun "./test_query conn $SEUSER" + rlRun "./test_query trans $SEUSER_NONEXISTENT" $ERR_FAIL + rlRun "./test_query trans $SEUSER_DEFAULT" + rlRun "./test_query trans $SEUSER" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_get_name" + rlRun "./test_get_name conn new NULL" + rlRun "./test_get_name conn first $SEUSER" + rlRun "./test_get_name trans new NULL" + rlRun "./test_get_name trans first $SEUSER" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_set_name" + name="someuser" + rlRun "./test_set_name conn $name" + rlRun "./test_set_name trans $name" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_get_sename" + rlRun "./test_get_sename conn new NULL" + rlRun "./test_get_sename conn first $SEUSER_SENAME" + rlRun "./test_get_sename trans new NULL" + rlRun "./test_get_sename trans first $SEUSER_SENAME" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_set_sename" + sename="someuser_u" + rlRun "./test_set_sename conn $sename" + rlRun "./test_set_sename trans $sename" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_get_mlsrange" + rlRun "./test_get_mlsrange conn new NULL" + rlRun "./test_get_mlsrange conn first $SEUSER_MLSRANGE" + rlRun "./test_get_mlsrange trans new NULL" + rlRun "./test_get_mlsrange trans first $SEUSER_MLSRANGE" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_set_mlsrange" + mlsrange="c0-s1:c0.c42" + rlRun "./test_set_mlsrange conn $mlsrange" + rlRun "./test_set_mlsrange trans $mlsrange" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_clone" + # FIXME + #rlRun "./test_clone conn new" + rlRun "./test_clone conn first" + # FIXME + #rlRun "./test_clone trans new" + rlRun "./test_clone trans first" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_create" + # FIXME + #rlRun "./test_create init" $ERR_ABORT,$ERR_SEGFAULT + #rlRun "./test_create handle" $ERR_ABORT,$ERR_SEGFAULT + rlRun "./test_create conn" + rlRun "./test_create trans" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_modify_local" + # function requires transaction + #rlRun "./test_modify_local conn new" $ERR_FAIL + #rlRun "./test_modify_local conn first" $ERR_FAIL + #rlRun "./test_modify_local trans new" $ERR_FAIL + rlRun "./test_modify_local trans first" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_del_local" + # adding local seuser requires transaction + # FIXME + #rlRun "./test_del_local trans first new" + #rlRun "./test_del_local trans first second" + rlRun "./test_del_local trans first first" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_exists_local" + # adding local seuser requires transaction + rlRun "./test_exists_local trans first first 1" + rlRun "./test_exists_local trans first second 0" + rlPhaseEnd + + rlPhaseStartTest "semanage_seuser_count_local" + # adding local seuser requires transaction + # FIXME + #rlRun "./test_count_local trans 0" + rlRun "./test_count_local trans 1" + rlRun "./test_count_local trans 2" + rlPhaseEnd + + rlPhaseStartCleanup + testfiles="$(ls -1 test_* | grep -v '\.c' | tr '\n' ' ')" + rlRun "rm -f $testfiles" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/semanage-seuser-functions/test_clone.c b/tests/semanage-seuser-functions/test_clone.c new file mode 100644 index 0000000..8c2554f --- /dev/null +++ b/tests/semanage-seuser-functions/test_clone.c @@ -0,0 +1,60 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + semanage_seuser_t *seuser_clone; + int result; + const char *str; + const char *str_clone; + + if (argc < 3) + exit(2); + + sh = get_handle(argv[1]); + + seuser = test_get_seuser(sh, argv[2]); + + result = semanage_seuser_clone(sh, seuser, &seuser_clone); + printf("semanage_seuser_clone(%p, %p): %d\n", + (void *) seuser, (void *) seuser_clone, result); + + if (result < 0) { + perror("semanage_seuser_clone"); + exit(1); + } + + str = semanage_seuser_get_name(seuser); + str_clone = semanage_seuser_get_name(seuser_clone); + + if (strcmp(str, str_clone) != 0) { + fprintf(stderr, "Different in get_name\n"); + exit(1); + } + + str = semanage_seuser_get_sename(seuser); + str_clone = semanage_seuser_get_sename(seuser_clone); + + if (strcmp(str, str_clone) != 0) { + fprintf(stderr, "Different in get_sename\n"); + exit(1); + } + + str = semanage_seuser_get_mlsrange(seuser); + str_clone = semanage_seuser_get_mlsrange(seuser_clone); + + if (strcmp(str, str_clone) != 0) { + fprintf(stderr, "Different in get_mlsrange\n"); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_compare.c b/tests/semanage-seuser-functions/test_compare.c new file mode 100644 index 0000000..5615463 --- /dev/null +++ b/tests/semanage-seuser-functions/test_compare.c @@ -0,0 +1,44 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + semanage_seuser_key_t *key; + int result; + + if (argc < 3) + exit(2); + + sh = get_handle(argv[1]); + + seuser = test_get_seuser(sh, "first"); + + key = test_get_key(sh, argv[2]); + + result = semanage_seuser_compare(seuser, key); + printf("semanage_seuser_compare(%p, %p): %d\n", + (void *) seuser, (void *) key, result); + + if (argc >= 4) { + if (strcmp(argv[3], "same") == 0 && result != 0) { + fprintf(stderr, "Expected same but got different\n"); + exit(1); + } + else if (strcmp(argv[3], "different") == 0 && result == 0) { + fprintf(stderr, "Expected different but got same\n"); + exit(1); + } + } + + semanage_seuser_key_free(key); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_compare2.c b/tests/semanage-seuser-functions/test_compare2.c new file mode 100644 index 0000000..afeec07 --- /dev/null +++ b/tests/semanage-seuser-functions/test_compare2.c @@ -0,0 +1,54 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + semanage_seuser_t *seuser2; + int result; + int first = -1; + int second = -1; + + if (argc < 4) + exit(2); + + sh = get_handle(argv[1]); + + if (strcmp(argv[2], "NULL") == 0) { + seuser = NULL; + } + else { + first = strtol(argv[2], NULL, 10); + seuser = test_get_seuser_nth(sh, first); + } + + if (strcmp(argv[3], "NULL") == 0) { + seuser2 = NULL; + } + else { + second = strtol(argv[3], NULL, 10); + seuser2 = test_get_seuser_nth(sh, second); + } + + result = semanage_seuser_compare2(seuser, seuser2); + printf("semanage_seuser_compare(%p, %p): %d\n", + (void *) seuser, (void *) seuser2, result); + + if (first == second && result != 0) { + fprintf(stderr, "Expected same but got different\n"); + exit(1); + } + else if (first != second && result == 0) { + fprintf(stderr, "Expected different but got same\n"); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_count.c b/tests/semanage-seuser-functions/test_count.c new file mode 100644 index 0000000..7fabe4b --- /dev/null +++ b/tests/semanage-seuser-functions/test_count.c @@ -0,0 +1,34 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + unsigned int response; + int result; + + if (argc < 2) + exit(2); + + sh = get_handle(argv[1]); + + result = semanage_seuser_count(sh, &response); + printf("semanage_seuser_count(%p, %p): %d, response: %u\n", + (void *) sh, (void *) &response, result, response); + + if (result < 0) { + perror("semanage_seuser_count"); + exit(1); + } + + if (argc >= 3) + check_result_int(argv[2], response); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_count_local.c b/tests/semanage-seuser-functions/test_count_local.c new file mode 100644 index 0000000..f25ab6d --- /dev/null +++ b/tests/semanage-seuser-functions/test_count_local.c @@ -0,0 +1,46 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + int result; + unsigned int response; + int num; + + if (argc < 2) + exit(2); + + sh = get_handle(argv[1]); + + num = strtol(argv[2], NULL, 10); + + for (int i = 0; i < num; i++) { + seuser = test_get_seuser_nth(sh, i); + + test_add_local_seuser(sh, seuser); + } + + result = semanage_seuser_count_local(sh, &response); + printf("semanage_seuser_count_local(%p, %p): %d, response: %d\n", + (void *) sh, (void *) &response, result, response); + + if (result < 0) { + perror("semanage_seuser_count_local"); + exit(1); + } + + if (argc >= 3) + check_result_int(argv[2], response); + + test_del_local_seuser(sh, seuser); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_create.c b/tests/semanage-seuser-functions/test_create.c new file mode 100644 index 0000000..a5191a0 --- /dev/null +++ b/tests/semanage-seuser-functions/test_create.c @@ -0,0 +1,53 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + int result; + const char *str; + + if (argc < 2) + exit(2); + + sh = get_handle(argv[1]); + + result = semanage_seuser_create(sh, &seuser); + printf("semanage_seuser_create(%p, %p): %d\n", + (void *) sh, (void *) seuser, result); + + if (result < 0) { + perror("semanage_seuser_create"); + exit(1); + } + + str = semanage_seuser_get_name(seuser); + + if (str != NULL) { + fprintf(stderr, "Expected name == NULL, got %s\n", str); + exit(1); + } + + str = semanage_seuser_get_sename(seuser); + + if (str != NULL) { + fprintf(stderr, "Expected sename == NULL, got %s\n", str); + exit(1); + } + + str = semanage_seuser_get_mlsrange(seuser); + + if (str != NULL) { + fprintf(stderr, "Expected mlsrange == NULL, got %s\n", str); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_del_local.c b/tests/semanage-seuser-functions/test_del_local.c new file mode 100644 index 0000000..eced74a --- /dev/null +++ b/tests/semanage-seuser-functions/test_del_local.c @@ -0,0 +1,64 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + semanage_seuser_t *seuser_del; + semanage_seuser_key_t *key; + semanage_seuser_t **records; + int result; + unsigned int count; + + if (argc < 4) + exit(2); + + sh = get_handle(argv[1]); + + seuser = test_get_seuser(sh, argv[2]); + + test_add_local_seuser(sh, seuser); + + seuser_del = test_get_seuser(sh, argv[3]); + + result = semanage_seuser_key_extract(sh, seuser_del, &key); + printf("semanage_seuser_key_extract(%p, %p, %p): %d\n", + (void *) sh, (void *) seuser_del, (void *) &key, result); + + if (result < 0) { + perror("semanage_seuser_key_extract"); + exit(2); + } + + result = semanage_seuser_del_local(sh, key); + printf("semanage_seuser_del_local(%p, %p): %d\n", + (void *) seuser, (void *) key, result); + + if (result < 0) { + perror("semanage_seuser_del_local"); + exit(1); + } + + result = semanage_seuser_list_local(sh, &records, &count); + printf("semanage_seuser_list_local(%p, %p, %p): %d\n", + (void *) sh, (void *) &records, (void *) &count, result); + + if (result < 0) { + perror("semanage_seuser_list_local"); + exit(2); + } + + if (count != 0) { + fprintf(stderr, "Number of local seusers is not 0!\n"); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_exists.c b/tests/semanage-seuser-functions/test_exists.c new file mode 100644 index 0000000..c0af3b2 --- /dev/null +++ b/tests/semanage-seuser-functions/test_exists.c @@ -0,0 +1,37 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_key_t *key; + int result; + int response; + + if (argc < 3) + exit(2); + + sh = get_handle(argv[1]); + + key = test_get_key(sh, argv[2]); + + result = semanage_seuser_exists(sh, key, &response); + printf("semanage_seuser_exists(%p, %p, %p): %d, response: %d\n", + (void *) sh, (void *) key, (void *) &response, result, response); + + if (result < 0) { + perror("semanage_seuser_exists"); + exit(1); + } + + if (argc >= 4) + check_result_int(argv[3], response); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_exists_local.c b/tests/semanage-seuser-functions/test_exists_local.c new file mode 100644 index 0000000..165d5b3 --- /dev/null +++ b/tests/semanage-seuser-functions/test_exists_local.c @@ -0,0 +1,59 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + semanage_seuser_t *seuser_exists; + semanage_seuser_key_t *key; + int result; + int response; + int exp; + + if (argc < 4) + exit(2); + + sh = get_handle(argv[1]); + + seuser = test_get_seuser(sh, argv[2]); + seuser_exists = test_get_seuser(sh, argv[3]); + + test_add_local_seuser(sh, seuser); + + result = semanage_seuser_key_extract(sh, seuser_exists, &key); + printf("semanage_seuser_key_extract(%p, %p, %p): %d\n", + (void *) sh, (void *) seuser_exists, (void *) &key, result); + if (result < 0) { + perror("semanage_seuser_key_extract"); + exit(2); + } + + result = semanage_seuser_exists_local(sh, key, &response); + printf("semanage_seuser_exists_local(%p, %p, %p): %d\n", + (void *) sh, (void *) key, (void *) &response, result); + + if (result < 0) { + perror("semanage_seuser_exists_local"); + exit(1); + } + + if (argc >= 5) { + exp = strtol(argv[4], NULL, 10); + + if (response != exp) { + fprintf(stderr, "Expected %d but got %d\n", exp, response); + exit(1); + } + } + + test_del_local_seuser(sh, seuser); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_get_mlsrange.c b/tests/semanage-seuser-functions/test_get_mlsrange.c new file mode 100644 index 0000000..97172dc --- /dev/null +++ b/tests/semanage-seuser-functions/test_get_mlsrange.c @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + + if (argc < 4) + exit(2); + + sh = get_handle(argv[1]); + + seuser = test_get_seuser(sh, argv[2]); + + const char *name = semanage_seuser_get_mlsrange(seuser); + printf("semanage_seuser_get_mlsrange(%p): %s\n", + (void *) seuser, name); + + if (strcmp_null(argv[3], name) != 0) { + fprintf(stderr, "Expected %s but got %s\n", argv[2], name); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_get_name.c b/tests/semanage-seuser-functions/test_get_name.c new file mode 100644 index 0000000..95d9025 --- /dev/null +++ b/tests/semanage-seuser-functions/test_get_name.c @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + + if (argc < 4) + exit(2); + + sh = get_handle(argv[1]); + + seuser = test_get_seuser(sh, argv[2]); + + const char *name = semanage_seuser_get_name(seuser); + printf("semanage_seuser_get_name(%p): %s\n", + (void *) seuser, name); + + if (strcmp_null(argv[3], name) != 0) { + fprintf(stderr, "Expected %s but got %s\n", argv[2], name); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_get_sename.c b/tests/semanage-seuser-functions/test_get_sename.c new file mode 100644 index 0000000..1ed7248 --- /dev/null +++ b/tests/semanage-seuser-functions/test_get_sename.c @@ -0,0 +1,32 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + + if (argc < 4) + exit(2); + + sh = get_handle(argv[1]); + + seuser = test_get_seuser(sh, argv[2]); + + const char *name = semanage_seuser_get_sename(seuser); + printf("semanage_seuser_get_sename(%p): %s\n", + (void *) seuser, name); + + if (strcmp_null(argv[3], name) != 0) { + fprintf(stderr, "Expected %s but got %s\n", argv[2], name); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_iterate.c b/tests/semanage-seuser-functions/test_iterate.c new file mode 100644 index 0000000..533087a --- /dev/null +++ b/tests/semanage-seuser-functions/test_iterate.c @@ -0,0 +1,49 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int counter = 0; + +int handler(const semanage_seuser_t *record, void *varg) { + char **args = (char **) varg; + + const char *name = semanage_seuser_get_name(record); + + if (strcmp(name, args[2 + counter++]) != 0) + return -1; + + return 0; +} + +int main (int argc, char **argv) { + semanage_handle_t *sh; + int result; + + if (argc < 2) + exit(2); + + sh = get_handle(argv[1]); + + char **param = NULL; + + if (argc >= 3) { + param = argv; + } + + result = semanage_seuser_iterate(sh, &handler, (void *) param); + printf("semanage_seuser_iterate(%p, %p, %p): %d\n", + (void *) sh, (void *) &handler, (void *) param, result); + + if (result < 0) { + perror("semanage_seuser_iterate"); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_key_create.c b/tests/semanage-seuser-functions/test_key_create.c new file mode 100644 index 0000000..8f3aaf5 --- /dev/null +++ b/tests/semanage-seuser-functions/test_key_create.c @@ -0,0 +1,39 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_key_t *key; + const char *name; + int result; + + if (argc < 3) + exit(2); + + sh = get_handle(argv[1]); + + if (strcmp(argv[2], "NULL") == 0) + name = NULL; + else + name = argv[2]; + + result = semanage_seuser_key_create(sh, name, &key); + printf("semanage_seuser_key_create(%p, %s, %p): %d\n", + (void *) sh, name, (void *) &key, result); + + if (result < 0 || key == NULL) { + perror("semanage_seuser_key_create"); + exit(1); + } + + semanage_seuser_key_free(key); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_key_extract.c b/tests/semanage-seuser-functions/test_key_extract.c new file mode 100644 index 0000000..50658dc --- /dev/null +++ b/tests/semanage-seuser-functions/test_key_extract.c @@ -0,0 +1,45 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + semanage_seuser_key_t *key; + int result; + + if (argc < 3) + exit(2); + + sh = get_handle(argv[1]); + + seuser = test_get_seuser(sh, argv[2]); + + result = semanage_seuser_key_extract(sh, seuser, &key); + printf("semanage_seuser_key_extract(%p, %p, %p): %d\n", + (void *) sh, (void *) seuser, (void *) &key, result); + + if (result < 0) { + perror("semanage_seuser_key_extract"); + exit(1); + } + + result = semanage_seuser_compare(seuser, key); + printf("semanage_seuser_compare(%p, %p): %d\n", + (void *) seuser, (void *) key, result); + + if (result != 0) { + perror("semanage_seuser_compare"); + exit(1); + } + + semanage_seuser_key_free(key); + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_list.c b/tests/semanage-seuser-functions/test_list.c new file mode 100644 index 0000000..ae06187 --- /dev/null +++ b/tests/semanage-seuser-functions/test_list.c @@ -0,0 +1,63 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t **records; + unsigned int count; + int result; + + if (argc < 2) + exit(2); + + sh = get_handle(argv[1]); + + result = semanage_seuser_list(sh, &records, &count); + printf("semanage_seuser_list(%p, %p, %p): %d", + (void *) sh, (void *) &records, (void *) &count, result); + + if (result < 0) { + perror("semanage_seuser_list"); + exit(1); + } + + printf(", count: %u, records: ", count); + + const char *name; + + for (unsigned int i = 0; i < count; i++) { + name = semanage_seuser_get_name(records[i]); + printf("%p (%s), ", (void *) records[i], name); + } + + printf("\n"); + + if (argc >= 3) { + unsigned int exp_count = strtoul(argv[2], NULL, 10); + + if (count != exp_count) { + printf("Expected %u but got %u\n", exp_count, count); + exit(1); + } + + const char *name; + + for (unsigned int i = 0; i < count; i++) { + name = semanage_seuser_get_name(records[i]); + + if (strcmp(name, argv[3 + i]) != 0) { + printf("Expected %s but got %s\n", name, argv[3 + i]); + exit(1); + } + } + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_modify_local.c b/tests/semanage-seuser-functions/test_modify_local.c new file mode 100644 index 0000000..53a11f5 --- /dev/null +++ b/tests/semanage-seuser-functions/test_modify_local.c @@ -0,0 +1,64 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *seuser; + semanage_seuser_key_t *key; + semanage_seuser_t **records; + int result; + unsigned int count; + + if (argc < 3) + exit(2); + + sh = get_handle(argv[1]); + + seuser = test_get_seuser(sh, argv[2]); + + result = semanage_seuser_key_extract(sh, seuser, &key); + printf("semanage_seuser_key_extract(%p, %p, %p): %d\n", + (void *) sh, (void *) seuser, (void *) &key, result); + + if (result < 0) { + perror("semanage_seuser_key_extract"); + exit(2); + } + + result = semanage_seuser_modify_local(sh, key, seuser); + printf("semanage_seuser_modify_local(%p, %p, %p): %d\n", + (void *) seuser, (void *) key, (void *) seuser, result); + + if (result < 0) { + perror("semanage_seuser_modify_local"); + exit(1); + } + + result = semanage_seuser_list_local(sh, &records, &count); + printf("semanage_seuser_list_local(%p, %p, %p): %d\n", + (void *) sh, (void *) &records, (void *) &count, result); + + if (result < 0) { + perror("semanage_seuser_list_local"); + exit(2); + } + + if (count != 1) { + fprintf(stderr, "Number of local seusers is %u, expected 1!\n", count); + exit(1); + } + + if (semanage_seuser_compare(records[0], key) != 0) { + fprintf(stderr, "Local seuser is different!\n"); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_query.c b/tests/semanage-seuser-functions/test_query.c new file mode 100644 index 0000000..10b4e27 --- /dev/null +++ b/tests/semanage-seuser-functions/test_query.c @@ -0,0 +1,50 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_key_t *key; + semanage_seuser_t *response; + int result; + + if (argc < 3) + exit(2); + + sh = get_handle(argv[1]); + + result = semanage_seuser_key_create(sh, argv[2], &key); + printf("semanage_seuser_key_create(%p, %s, %p): %d\n", + (void *) sh, argv[2], (void *) &key, result); + + if (result < 0 || key == NULL) { + perror("semanage_seuser_key_create"); + exit(2); + } + + result = semanage_seuser_query(sh, key, &response); + printf("semanage_seuser_query(%p, %p, %p): %d, response: %p\n", + (void *) sh, (void *) key, (void *) &response, result, (void *) response); + + if (result < 0) { + perror("semanage_seuser_query"); + exit(1); + } + + const char *name = semanage_seuser_get_name(response); + printf("semanage_seuser_get_name(%p): %s\n", + (void *) response, name); + + if (strcmp(argv[2], name) != 0) { + perror("semanage_seuser_get_name"); + exit(2); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_set_mlsrange.c b/tests/semanage-seuser-functions/test_set_mlsrange.c new file mode 100644 index 0000000..48440ac --- /dev/null +++ b/tests/semanage-seuser-functions/test_set_mlsrange.c @@ -0,0 +1,62 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *user; + int result; + const char *mlsrange; + + if (argc < 3) + exit(2); + + sh = get_handle(argv[1]); + + user = test_get_seuser(sh, "first"); + + if (strcmp(argv[2], "NULL") == 0) + mlsrange = NULL; + else + mlsrange = argv[2]; + + const char *old_mlsrange = semanage_seuser_get_mlsrange(user); + printf("semanage_seuser_get_mlsrange(%p): %s\n", + (void *) user, old_mlsrange); + + if (old_mlsrange == NULL) { + perror("semanage_seuser_get_mlsrange"); + exit(2); + } + + if (strcmp(old_mlsrange, mlsrange) == 0) { + printf("New mlsrange is the same\n"); + exit(2); + } + + result = semanage_seuser_set_mlsrange(sh, user, mlsrange); + printf("semanage_seuser_set_mlsrange(%p, %p, %s): %d\n", + (void *) sh, (void *) user, mlsrange, result); + + if (result < 0) { + perror("semanage_seuser_set_mlsrange"); + exit(1); + } + + const char *new_mlsrange = semanage_seuser_get_mlsrange(user); + printf("semanage_seuser_get_mlsrange(%p): %s\n", + (void *) user, new_mlsrange); + + if (strcmp(new_mlsrange, mlsrange) != 0) { + perror("semanage_seuser_get_mlsrange"); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_set_name.c b/tests/semanage-seuser-functions/test_set_name.c new file mode 100644 index 0000000..3e448e8 --- /dev/null +++ b/tests/semanage-seuser-functions/test_set_name.c @@ -0,0 +1,62 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *user; + int result; + const char *name; + + if (argc < 3) + exit(2); + + sh = get_handle(argv[1]); + + user = test_get_seuser(sh, "first"); + + if (strcmp(argv[2], "NULL") == 0) + name = NULL; + else + name = argv[2]; + + const char *old_name = semanage_seuser_get_name(user); + printf("semanage_seuser_get_name(%p): %s\n", + (void *) user, old_name); + + if (old_name == NULL) { + perror("semanage_seuser_get_name"); + exit(2); + } + + if (strcmp(old_name, name) == 0) { + printf("New name is the same\n"); + exit(2); + } + + result = semanage_seuser_set_name(sh, user, name); + printf("semanage_seuser_set_name(%p, %p, %s): %d\n", + (void *) sh, (void *) user, name, result); + + if (result < 0) { + perror("semanage_seuser_set_name"); + exit(1); + } + + const char *new_name = semanage_seuser_get_name(user); + printf("semanage_seuser_get_name(%p): %s\n", + (void *) user, new_name); + + if (strcmp(new_name, name) != 0) { + perror("semanage_seuser_get_name"); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/semanage-seuser-functions/test_set_sename.c b/tests/semanage-seuser-functions/test_set_sename.c new file mode 100644 index 0000000..402c5b7 --- /dev/null +++ b/tests/semanage-seuser-functions/test_set_sename.c @@ -0,0 +1,62 @@ +#include +#include +#include +#include +#include + +#include "functions.c" + +int main (int argc, char **argv) { + semanage_handle_t *sh; + semanage_seuser_t *user; + int result; + const char *name; + + if (argc < 3) + exit(2); + + sh = get_handle(argv[1]); + + user = test_get_seuser(sh, "first"); + + if (strcmp(argv[2], "NULL") == 0) + name = NULL; + else + name = argv[2]; + + const char *old_name = semanage_seuser_get_sename(user); + printf("semanage_seuser_get_sename(%p): %s\n", + (void *) user, old_name); + + if (old_name == NULL) { + perror("semanage_seuser_get_sename"); + exit(2); + } + + if (strcmp(old_name, name) == 0) { + printf("New name is the same\n"); + exit(2); + } + + result = semanage_seuser_set_sename(sh, user, name); + printf("semanage_seuser_set_sename(%p, %p, %s): %d\n", + (void *) sh, (void *) user, name, result); + + if (result < 0) { + perror("semanage_seuser_set_sename"); + exit(1); + } + + const char *new_name = semanage_seuser_get_sename(user); + printf("semanage_seuser_get_sename(%p): %s\n", + (void *) user, new_name); + + if (strcmp(new_name, name) != 0) { + perror("semanage_seuser_get_sename"); + exit(1); + } + + destroy_handle(sh, argv[1]); + + exit(0); +} diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..9a88c7c --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,22 @@ +--- +# Tests that run in all contexts +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - classic + tests: + - semanage-handle-functions + - semanage-seuser-functions + - verify-options-in-semanage-conf + required_packages: + - libsemanage # Required for semanage-*-functions tests + - libsemanage-devel # Required for semanage-*-functions tests + - glibc # Required for semanage-*-functions tests + - gcc # Required for semanage-*-functions tests + - libselinux # Required for verify-options-in-semanage-conf + - libselinux-utils # Required for verify-options-in-semanage-conf + - policycoreutils # Required for verify-options-in-semanage-conf + - policycoreutils-python # Required for verify-options-in-semanage-conf when running on RHEL + - selinux-policy # Required for verify-options-in-semanage-conf + - selinux-policy-devel # Required for verify-options-in-semanage-conf diff --git a/tests/verify-options-in-semanage-conf/Makefile b/tests/verify-options-in-semanage-conf/Makefile new file mode 100644 index 0000000..3f94665 --- /dev/null +++ b/tests/verify-options-in-semanage-conf/Makefile @@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/libsemanage/Sanity/verify-options-in-semanage-conf +# Description: Are the verify options in semanage.conf honored? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2016 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/libsemanage/Sanity/verify-options-in-semanage-conf +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE empty.te + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Are the verify options in semanage.conf honored?" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 10m" >> $(METADATA) + @echo "RunFor: libsemanage" >> $(METADATA) + @echo "Requires: libselinux libselinux-utils libsemanage policycoreutils policycoreutils-python selinux-policy selinux-policy-devel" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) + diff --git a/tests/verify-options-in-semanage-conf/PURPOSE b/tests/verify-options-in-semanage-conf/PURPOSE new file mode 100644 index 0000000..356daec --- /dev/null +++ b/tests/verify-options-in-semanage-conf/PURPOSE @@ -0,0 +1,9 @@ +PURPOSE of /CoreOS/libsemanage/Sanity/verify-options-in-semanage-conf +Author: Milos Malik + +Are the verify options in semanage.conf honored? +Tested options: verify kernel, verify module, verify linked +Tested tools: semodule, semanage +Positive and negative cases are tested. +Original information found at http://selinuxproject.org/page/PolicyValidate + diff --git a/tests/verify-options-in-semanage-conf/empty.te b/tests/verify-options-in-semanage-conf/empty.te new file mode 100644 index 0000000..5a08472 --- /dev/null +++ b/tests/verify-options-in-semanage-conf/empty.te @@ -0,0 +1,2 @@ +policy_module(empty,1.0) + diff --git a/tests/verify-options-in-semanage-conf/runtest.sh b/tests/verify-options-in-semanage-conf/runtest.sh new file mode 100755 index 0000000..c7891f3 --- /dev/null +++ b/tests/verify-options-in-semanage-conf/runtest.sh @@ -0,0 +1,142 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/libsemanage/Sanity/verify-options-in-semanage-conf +# Description: Are the verify options in semanage.conf honored? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2016 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="libsemanage" +MODULE_NAME="empty" +SEMANAGE_CONF="/etc/selinux/semanage.conf" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlAssertRpm policycoreutils + rlAssertRpm selinux-policy + rlFileBackup ${SEMANAGE_CONF} + rlRun "rpm -qf /usr/sbin/semanage" + rlRun "grep -v -e '^#' -e '^$' ${SEMANAGE_CONF}" + OUTPUT_FILE=`mktemp` + + rlRun "setenforce 1" + rlRun "sestatus" + rlRun "ls -l ${MODULE_NAME}.te" + rlRun "make -f /usr/share/selinux/devel/Makefile" + rlRun "ls -l ${MODULE_NAME}.pp" + rlPhaseEnd + + rlLog "positive cases follow" + # TODO: /bin/true could be replaced a script, which prints the supplied arguments into a file for further inspection + + rlPhaseStartTest "verify kernel" + rlRun "semodule -r ${MODULE_NAME}" 0,1 + rlFileRestore + rlRun "echo -en '[verify kernel]\npath = /bin/true\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}" + rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertNotGrep "semodule.*failed" ${OUTPUT_FILE} -i + rlRun "semodule -l | grep ${MODULE_NAME}" + rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertNotGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei + rlRun "semanage module -l | grep ${MODULE_NAME}" + rlPhaseEnd + + rlPhaseStartTest "verify module" + rlRun "semodule -r ${MODULE_NAME}" 0,1 + rlFileRestore + rlRun "echo -en '[verify module]\npath = /bin/true\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}" + rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertNotGrep "semodule.*failed" ${OUTPUT_FILE} -i + rlRun "semodule -l | grep ${MODULE_NAME}" + rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertNotGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei + rlRun "semanage module -l | grep ${MODULE_NAME}" + rlPhaseEnd + + if rlIsRHEL '<7.3' ; then # because "[verify linked]" was dropped + rlPhaseStartTest "verify linked" + rlRun "semodule -r ${MODULE_NAME}" 0,1 + rlFileRestore + rlRun "echo -en '[verify linked]\npath = /bin/true\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}" + rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertNotGrep "semodule.*failed" ${OUTPUT_FILE} -i + rlRun "semodule -l | grep ${MODULE_NAME}" + rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertNotGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei + rlRun "semanage module -l | grep ${MODULE_NAME}" + rlPhaseEnd + fi + + rlLog "negative cases follow" + # TODO: /bin/false could be replaced a script, which prints the supplied arguments into a file for further inspection + + rlPhaseStartTest "verify kernel" + rlRun "semodule -r ${MODULE_NAME}" 0,1 + rlFileRestore + rlRun "echo -en '[verify kernel]\npath = /bin/false\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}" + rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "semodule.*failed" ${OUTPUT_FILE} -i + rlRun "semodule -l | grep ${MODULE_NAME}" 1 + rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei + rlRun "semanage module -l | grep ${MODULE_NAME}" 1 + rlPhaseEnd + + rlPhaseStartTest "verify module" + rlRun "semodule -r ${MODULE_NAME}" 0,1 + rlFileRestore + rlRun "echo -en '[verify module]\npath = /bin/false\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}" + rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "semodule.*failed" ${OUTPUT_FILE} -i + rlRun "semodule -l | grep ${MODULE_NAME}" 1 + rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei + rlRun "semanage module -l | grep ${MODULE_NAME}" 1 + rlPhaseEnd + + if rlIsRHEL '<7.3' ; then # because "[verify linked]" was dropped + rlPhaseStartTest "verify linked" + rlRun "semodule -r ${MODULE_NAME}" 0,1 + rlFileRestore + rlRun "echo -en '[verify linked]\npath = /bin/false\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}" + rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "semodule.*failed" ${OUTPUT_FILE} -i + rlRun "semodule -l | grep ${MODULE_NAME}" 1 + rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei + rlRun "semanage module -l | grep ${MODULE_NAME}" 1 + rlPhaseEnd + fi + + rlPhaseStartCleanup + rlRun "rm -f ${MODULE_NAME}.pp ${OUTPUT_FILE}" + rlFileRestore + rlPhaseEnd +rlJournalPrintText +rlJournalEnd +